HOW TO MIGRATE AND MANAGE SECURITY POLICIES IN A SEGMENTED DATA CENTER
TOPICS COVERED
• Migrate applications to a micro-segmented data center
• Define and enforce security policies for East-West traffic
• Manage micro-segmented data center alongside traditional devices
• Identify risk and manage compliance
THE BASICS
LEGACY DATA CENTER ARCHITECTURE
[Diagram: Users and Servers share one internal network; a single Perimeter Firewall separates them from the Outside World and Business partners. East-West traffic flows between users and servers inside; North-South traffic crosses the perimeter firewall.]
WHY THIS IS RISKY
• No filtering capabilities controlling east-west traffic
• Allows unrestricted traffic:
• Between internal users’ desktops/laptops and servers
• Between servers in different segments
• Once attackers gain a foothold – free lateral movement
SEGMENTED DATA CENTER ARCHITECTURE
[Diagram: a Users Zone, Server Zone 1 and Server Zone 2 are separated from each other by internal filtering; the Perimeter Firewall still fronts the Outside World and Business partners.]
SEGMENTED = MORE SECURE
• Introduce filtering choke-points between zones
• Allows control of east-west traffic
• Lets organizations restrict lateral movement between zones
• How can we make this a reality?
POLL
Which platform do you use to manage your private cloud / virtualized
data center?
• VMware
• Microsoft Hyper-V
• OpenStack
• We don't have a virtualized data center
SEGMENTATION CHALLENGES
CHALLENGE #1: INTRODUCING CHOKE POINTS
• In traditional data center: a major effort
• Hardware, cabling, reconfigure switching and routing
• In a virtualized, software-defined, data center:
• Built-in firewalls as part of the infrastructure
• No extra hardware needed
• Software-Defined Networking
CHALLENGE #2: ZONING
• How many zones to define?
• Which subnets should reside in each zone?
A ZONING TRADE-OFF
• Traffic inside each zone remains unrestricted
• For better security, define many small zones
• “Micro-segmentation”
• But: need policy (rules) between every pair of zones
• “Allow service X from zone 1 to zone 2”
• N zones ==> N*N traffic directions
• For better manageability, define a few large zones
CHALLENGE #3: FILTERING POLICY BETWEEN ZONES
• Traffic inside each zone is unfiltered: allowed
• … traffic between zones must be explicitly allowed by policy
• Goal: write policy to allow legitimate zone-crossing traffic
• Challenge: discover and characterize this traffic
• Did you know: VMware NSX’s default policy is “allow all”
• Works around the challenge
• … But is completely insecure
APPLICATION-AWARE SEGMENTATION
THE BUSINESS-APPLICATION PERSPECTIVE
• East-West traffic is generated by business applications
• Each business application has:
• Servers supporting it
• Clients accessing it
• Business application connectivity requirements:
• Server-to-server traffic flows
• Client-to-server traffic flows
SEGMENTATION FOR BUSINESS APPLICATIONS
• Human-accessible systems: in a separate zone from servers:
• Desktops / Laptops / Smartphones
• Servers of an application, that communicate with each other:
• in same zone
• Infrastructure servers, that support multiple applications:
• in a dedicated zone
PLANNING NETWORK SEGMENTATION: BLUEPRINT
• Discover business applications’ connectivity requirements
• Select number of zones, and their characterization
• Based on applications’ flows, assign subnets to zones
• Write filtering policy (rules) allowing zone-crossing flows
• Avoid breaking business applications’ connectivity
DISCOVERY
IS YOUR ORGANIZATION WELL-DISCIPLINED?
If:
• All applications are documented
• Applications’ connectivity requirements are documented
• Documentation is machine readable
Then “discovery” is easy!
• What if documentation is missing / outdated?
DISCOVERY FROM TRAFFIC
DISCOVERY RESULTS: ANALYTICS ON SNIFFED TRAFFIC
ZONE-CROSSING TRAFFIC: HIGH LEVEL POLICY DOCUMENT: THE CONNECTIVITY MATRIX
Allowed traffic between every pair of zones
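Added example (not from the slides or the AlgoSec suite) for the discovery analytics and the connectivity matrix above: a Python script that maps constructed sniffed-flow summaries onto an assumed subnet-to-zone assignment and aggregates the zone-crossing flows into a matrix of observed services per zone pair. Zone names, subnets and flows are assumptions; intra-zone flows are skipped because traffic inside a zone is unfiltered, and endpoints that fall in no zone are reported so the zoning can be completed before policy is written.

```python
import ipaddress
from collections import defaultdict

# Subnet-to-zone assignment. Constructed example: zone names and subnets are
# assumptions, not values from the slides.
ZONES = {
    "Users": [ipaddress.ip_network("10.10.0.0/16")],
    "Web":   [ipaddress.ip_network("10.20.1.0/24")],
    "App":   [ipaddress.ip_network("10.20.2.0/24")],
    "DB":    [ipaddress.ip_network("10.20.3.0/24")],
    "Infra": [ipaddress.ip_network("10.30.0.0/24")],  # DNS/AD/NTP shared by apps
}

# Sniffed flow summaries (src, dst, proto, dport), e.g. from NetFlow or a pcap.
# Constructed sample data.
FLOWS = [
    ("10.10.5.23",   "10.20.1.10", "tcp", 443),   # user -> web
    ("10.10.7.9",    "10.20.1.11", "tcp", 443),
    ("10.20.1.10",   "10.20.2.10", "tcp", 8080),  # web -> app
    ("10.20.2.10",   "10.20.3.10", "tcp", 1433),  # app -> db
    ("10.20.2.11",   "10.20.2.10", "tcp", 8080),  # app -> app: intra-zone
    ("10.20.1.10",   "10.30.0.5",  "udp", 53),    # web -> infra DNS
    ("10.20.2.10",   "10.30.0.5",  "udp", 53),    # app -> infra DNS
    ("10.10.5.23",   "10.20.3.10", "tcp", 1433),  # user -> db: needs a decision
    ("192.168.99.4", "10.20.1.10", "tcp", 443),   # source lies in no zone
]

def zone_of(ip):
    """Return the zone whose subnet contains ip, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in net for net in nets):
            return zone
    return None

def build_matrix(flows):
    """Aggregate zone-crossing flows into a connectivity matrix.

    Returns (matrix, intra_zone_count, unassigned) where matrix maps
    (src_zone, dst_zone) -> sorted list of "proto/port" services observed.
    Intra-zone flows are counted but not recorded: traffic inside a zone is
    not filtered, so it needs no rule. Flows with an endpoint outside every
    zone are returned separately so the zoning can be completed first.
    """
    matrix = defaultdict(set)
    intra = 0
    unassigned = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            unassigned.append((src, dst))
        elif sz == dz:
            intra += 1
        else:
            matrix[(sz, dz)].add(f"{proto}/{port}")
    return {k: sorted(v) for k, v in matrix.items()}, intra, unassigned

def render(matrix, zones):
    """Format the matrix as a zone x zone table; '-' marks no observed traffic."""
    names = list(zones)
    cells = {(s, d): ", ".join(matrix.get((s, d), [])) or "-"
             for s in names for d in names}
    w = max(len(x) for x in list(cells.values()) + names) + 2
    lines = ["".ljust(w) + "".join(d.ljust(w) for d in names)]
    for s in names:
        lines.append(s.ljust(w) + "".join(cells[(s, d)].ljust(w) for d in names))
    return "\n".join(lines)

if __name__ == "__main__":
    m, intra, unassigned = build_matrix(FLOWS)
    print(render(m, ZONES))
    print(f"\n{intra} intra-zone flow(s) skipped; endpoints in no zone: {unassigned}")
```

The observed Users -> DB flow lands in the matrix like any other; whether it becomes an allowed entry or is treated as a finding is the zoning decision the matrix exists to make explicit.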
ZOOM IN: FROM/TO THE PEER DMZ
DEMONSTRATION OF MICRO-SEGMENTATION WITH THE ALGOSEC SUITE
IMPORT INTO BUSINESSFLOW
VISIBILITY
ENFORCING MICRO-SEGMENTATION
MAINTENANCE OF THE SEGMENTATION
• Zoning remains stable over time
• … but application connectivity requirements evolve
• … so filtering policies need to change over time
• Need application-aware and segmentation-aware change management process
• Need visibility that filtering policies comply with zoning
CONNECTIVITY SPREADSHEET
SEGMENTATION-AWARE CHANGE PROCESS
NORTH-SOUTH TRAFFIC
• Hybrid network:
• Software-defined data center
• Traditional networking outside data center
• Application connectivity is also north-south
• Goal: Single change workflow for all filtering technologies
• Identical for North-South and East-West
• Indifferent to network technology
• Abstracts away filtering device details
• Outside data center (traditional)
• Inside data center (virtualized)
• AlgoSec Standard risks +
• User-defined risks +
• Connectivity spreadsheet violations
• What-if risk check, before changes are implemented
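Added example (not from the slides or the AlgoSec suite) for the maintenance requirement that filtering policies comply with zoning and for the what-if risk check above: a Python function that evaluates a proposed allow rule against a connectivity matrix before the change is implemented, expanding each address range into every zone it touches so that a broad rule is flagged once per zone pair it would open. Zone names, subnets, matrix entries and the proposed rules are constructed assumptions.

```python
import ipaddress

# Zoning and connectivity matrix. Constructed example: zone names, subnets and
# allowed services are assumptions, not values from the slides.
ZONES = {
    "Users": ipaddress.ip_network("10.10.0.0/16"),
    "Web":   ipaddress.ip_network("10.20.1.0/24"),
    "App":   ipaddress.ip_network("10.20.2.0/24"),
    "DB":    ipaddress.ip_network("10.20.3.0/24"),
    "Infra": ipaddress.ip_network("10.30.0.0/24"),
}
# (src_zone, dst_zone) -> allowed services. A zone pair missing here is denied.
MATRIX = {
    ("Users", "Web"): {"tcp/443"},
    ("Web", "App"):   {"tcp/8080"},
    ("App", "DB"):    {"tcp/1433"},
    ("Web", "Infra"): {"udp/53"},
    ("App", "Infra"): {"udp/53"},
}

def zones_touched(cidr):
    """Zones whose subnet overlaps cidr. Address space that lies in no zone
    is reported as the pseudo-zone 'Unzoned' so it is never silently allowed."""
    net = ipaddress.ip_network(cidr, strict=False)
    zones = [z for z, n in ZONES.items() if net.overlaps(n)]
    if not any(net.subnet_of(n) for n in ZONES.values()):
        zones.append("Unzoned")
    return zones

def whatif(rule):
    """Evaluate a proposed allow rule against the connectivity matrix.

    rule = {"src": cidr, "dst": cidr, "service": "proto/port" or "any"}.
    Returns one (src_zone, dst_zone, service, verdict) per zone pair the rule
    would open: "ok" (pair and service in the matrix), "violation" (pair not
    in the matrix, service not allowed, or service "any"), or "intra-zone"
    (traffic inside a zone is unfiltered anyway, so no matrix entry is needed).
    """
    svc = rule["service"]
    findings = []
    for sz in zones_touched(rule["src"]):
        for dz in zones_touched(rule["dst"]):
            if sz == dz:
                verdict = "intra-zone"
            elif svc != "any" and svc in MATRIX.get((sz, dz), set()):
                verdict = "ok"
            else:
                verdict = "violation"
            findings.append((sz, dz, svc, verdict))
    return findings

def violations(rule):
    """Only the findings that would breach the connectivity matrix."""
    return [f for f in whatif(rule) if f[3] == "violation"]

# Proposed changes to check before implementation (constructed).
PROPOSED = [
    {"src": "10.10.0.0/16", "dst": "10.20.1.0/24",  "service": "tcp/443"},   # matches matrix
    {"src": "10.10.0.0/16", "dst": "10.20.3.10/32", "service": "tcp/1433"},  # Users -> DB
    {"src": "10.20.0.0/16", "dst": "10.20.3.0/24",  "service": "tcp/1433"},  # source too broad
    {"src": "0.0.0.0/0",    "dst": "0.0.0.0/0",     "service": "any"},       # allow-all
]

if __name__ == "__main__":
    for rule in PROPOSED:
        bad = violations(rule)
        status = "APPROVE" if not bad else f"REJECT ({len(bad)} zone pair(s))"
        print(f"{rule['src']:>14} -> {rule['dst']:<14} {rule['service']:<9} {status}")
        for sz, dz, svc, _ in bad:
            print(f"    opens {sz} -> {dz} for {svc}, not in connectivity matrix")
```

The third proposed rule shows why rules are checked per zone pair: its source range covers Web, App and DB plus unzoned space, so it is rejected even though the App -> DB part of it is legitimate.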
POLL
What are your plans for filtering East-West traffic?
• Already implemented
• Planning to implement over the next 6 months
• Planning to implement over the next 6-12 months
• No plans
SUMMARY
Plan
• Discover business applications’ connectivity requirements
• Design zoning, write policy for zone-crossing flows
• Document in connectivity matrix
Maintain
• Visibility, automated comparison to connectivity matrix
• Segmentation-aware change process
MORE RESOURCES
Meet us at VMworld – booth 658 !
THANK YOU
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Dernier (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webinar-slides 191045

  • 1. HOW TO MIGRATE AND MANAGE SECURITY POLICIES IN A SEGMENTED DATA CENTER
  • 2. TOPICS COVERED
    • Migrate applications to a micro-segmented data center
    • Define and enforce security policies for East-West traffic
    • Manage micro-segmented data center alongside traditional devices
    • Identify risk and manage compliance
  • 4. LEGACY DATA CENTER ARCHITECTURE
    Diagram labels: Users, Servers, Outside World, Business partners, Perimeter Firewall, East-West traffic, North-South traffic
  • 5. WHY THIS IS RISKY
    • No filtering capabilities controlling east-west traffic
    • Allows unrestricted traffic:
      • Between internal users’ desktops/laptops and servers
      • Between servers in different segments
    • Once attackers gain a foothold – free lateral movement
  • 6. SEGMENTED DATA CENTER ARCHITECTURE
    Diagram labels: Users Zone, Server Zone 1, Server Zone 2, Outside World, Business partners, Perimeter Firewall
  • 7. SEGMENTED = MORE SECURE
    • Introduce filtering choke-points between zones
    • Allows control of east-west traffic
    • Lets organizations restrict lateral movement between zones
    • How can we make this a reality?
  • 8. POLL
    Which platform do you use to manage your private cloud / virtualized data center?
    • VMware
    • Microsoft Hyper-V
    • OpenStack
    • We don't have a virtualized data center
  • 10. CHALLENGE #1: INTRODUCING CHOKE POINTS
    • In a traditional data center: a major effort
      • Hardware, cabling, reconfigure switching and routing
    • In a virtualized, software-defined data center:
      • Built-in firewalls as part of the infrastructure
      • No extra hardware needed
      • Software-Defined Networking
  • 11. CHALLENGE #2: ZONING
    • How many zones to define?
    • Which subnets should reside in each zone?
  • 12. A ZONING TRADE-OFF
    • Traffic inside each zone remains unrestricted
    • For better security, define many small zones
      • “Micro-segmentation”
    • But: need policy (rules) between every pair of zones
      • “Allow service X from zone 1 to zone 2”
      • N zones ==> N*N traffic directions
    • For better manageability, define a few large zones
  • 13. CHALLENGE #3: FILTERING POLICY BETWEEN ZONES
    • Traffic inside each zone is unfiltered: allowed
    • … traffic between zones must be explicitly allowed by policy
    • Goal: write policy to allow legitimate zone-crossing traffic
    • Challenge: discover and characterize this traffic
    • Did you know: VMware NSX’s default policy is “allow all”
      • Works around the challenge
      • … but is completely insecure
  • 15. THE BUSINESS-APPLICATION PERSPECTIVE
    • East-West traffic is generated by business applications
    • Each business application has:
      • Servers supporting it
      • Clients accessing it
    • Business application connectivity requirements:
      • Server-to-server traffic flows
      • Client-to-server traffic flows
  • 16. SEGMENTATION FOR BUSINESS APPLICATIONS
    • Human-accessible systems: in a separate zone from servers:
      • Desktops / Laptops / Smartphones
    • Servers of an application that communicate with each other:
      • in the same zone
    • Infrastructure servers that support multiple applications:
      • in a dedicated zone
  • 17. PLANNING NETWORK SEGMENTATION: BLUEPRINT
    • Discover business applications’ connectivity requirements
    • Select the number of zones, and their characterization
    • Based on applications’ flows, assign subnets to zones
    • Write filtering policy (rules) allowing zone-crossing flows
    • Avoid breaking business applications’ connectivity
  • 19. IS YOUR ORGANIZATION WELL-DISCIPLINED?
    If:
    • All applications are documented
    • Applications’ connectivity requirements are documented
    • Documentation is machine readable
    Then “discovery” is easy!
    • What if documentation is missing / outdated?
  • 21. DISCOVERY RESULTS: ANALYTICS ON SNIFFED TRAFFIC
  • 23. DOCUMENT: THE CONNECTIVITY MATRIX
    Allowed traffic between every pair of zones
  • 24. ZOOM IN: FROM/TO THE PEER DMZ
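Slides 17 through 23 describe the discovery step (aggregate observed traffic into application flows, map subnets to zones, then document the allowed zone-crossing services as a connectivity matrix). The following is an added example, not code from the deck or from AlgoSec: it takes a handful of constructed NetFlow-style records, assigns each endpoint to a zone by subnet, drops intra-zone traffic (which the segmentation leaves unfiltered anyway) and produces the matrix cells a policy author would have to write rules for. The zone names, subnets, flow records and the `bypass_candidates` review heuristic (a human-accessible zone reaching a back-end zone directly, skipping the front tier) are assumptions of the example.

```python
import ipaddress
from collections import defaultdict

# Zoning decided by the organization (constructed example values, not the deck's).
ZONES = {
    "users": [ipaddress.ip_network("10.10.0.0/16")],     # desktops, laptops, smartphones
    "web":   [ipaddress.ip_network("10.20.1.0/24")],     # application front tier
    "app":   [ipaddress.ip_network("10.20.2.0/24")],     # application middle tier
    "db":    [ipaddress.ip_network("10.20.3.0/24")],     # application data tier
    "infra": [ipaddress.ip_network("10.30.0.0/24")],     # DNS, directory, monitoring (shared by all apps)
}

# Sniffed flow records, summarised as (src, dst, proto, dport). Constructed sample input.
FLOWS = [
    ("10.10.5.23", "10.20.1.10", "tcp", 443),
    ("10.10.7.8",  "10.20.1.11", "tcp", 443),
    ("10.20.1.10", "10.20.2.20", "tcp", 8080),
    ("10.20.2.20", "10.20.3.30", "tcp", 5432),
    ("10.20.2.21", "10.20.3.30", "tcp", 5432),
    ("10.20.1.10", "10.30.0.5",  "udp", 53),
    ("10.20.2.20", "10.30.0.5",  "udp", 53),
    ("10.20.3.30", "10.30.0.5",  "udp", 53),
    ("10.10.5.23", "10.20.3.30", "tcp", 5432),   # a desktop talking straight to the database
    ("10.20.3.30", "10.20.3.31", "tcp", 5432),   # intra-zone replication: stays unfiltered
]


def zone_of(ip, zones=ZONES):
    """Map an address to the zone whose subnet contains it; 'unknown' if no zone claims it."""
    addr = ipaddress.ip_address(ip)
    for name, nets in zones.items():
        if any(addr in net for net in nets):
            return name
    return "unknown"


def discover_matrix(flows, zones=ZONES):
    """Aggregate flows into (src_zone, dst_zone) -> set of services.

    Intra-zone flows are dropped: they need no rule in a zone-based policy.
    Every remaining cell is a rule the segmentation policy must explicitly allow.
    """
    matrix = defaultdict(set)
    for src, dst, proto, dport in flows:
        s, d = zone_of(src, zones), zone_of(dst, zones)
        if s == d:
            continue
        matrix[(s, d)].add(f"{proto}/{dport}")
    return dict(matrix)


def bypass_candidates(matrix, human=("users",), back_end=("app", "db")):
    """Review heuristic of this example (not the deck's): flows from a human-accessible zone
    straight into a back-end zone bypass the front tier and deserve a second look before
    they are written into the matrix as 'legitimate'."""
    return sorted(
        (s, d, svc)
        for (s, d), services in matrix.items()
        if s in human and d in back_end
        for svc in sorted(services)
    )


def render(matrix):
    """One line per matrix cell, in the shape of the connectivity matrix on slide 23."""
    return "\n".join(
        f"{s:>6} -> {d:<6} {', '.join(sorted(matrix[(s, d)]))}"
        for (s, d) in sorted(matrix)
    )


if __name__ == "__main__":
    discovered = discover_matrix(FLOWS)
    print(render(discovered))
    print("review before accepting:", bypass_candidates(discovered))
```

Each line of the rendered output is one cell of the connectivity matrix and therefore one zone-crossing rule the segmentation policy needs; the desktop-to-database flow surfaces as a crossing to review rather than silently becoming an allowed rule.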
  • 38. MAINTENANCE OF THE SEGMENTATION
  • 39. MAINTENANCE OF THE SEGMENTATION
    • Zoning remains stable over time
    • … but application connectivity requirements evolve
    • … so filtering policies need to change over time
    • Need an application-aware and segmentation-aware change management process
    • Need visibility that filtering policies comply with zoning
  • 44. NORTH-SOUTH TRAFFIC
    • Hybrid network:
      • Software-defined data center
      • Traditional networking outside the data center
    • Application connectivity is also north-south
    • Goal: single change workflow for all filtering technologies
  • 45.
    • Identical for North-South and East-West
    • Indifferent to network technology
    • Abstracts away filtering device details
  • 46. Outside the data center (traditional)
  • 47. Inside the data center (virtualized)
  • 49.
    • AlgoSec standard risks
    • + User-defined risks
    • + Connectivity spreadsheet violations
    • What-if risk check, before changes are implemented
  • 50. POLL
    What are your plans for filtering East-West traffic?
    • Already implemented
    • Planning to implement over the next 6 months
    • Planning to implement over the next 6-12 months
    • No plans
  • 51. SUMMARY
    Plan
    • Discover business applications’ connectivity requirements
    • Design zoning, write policy for zone-crossing flows
    • Document in a connectivity matrix
    Maintain
    • Visibility, automated comparison to the connectivity matrix
    • Segmentation-aware change process
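Slide 12 counts N*N traffic directions for N zones, slide 39 asks for visibility that filtering policies comply with the zoning, and slides 49 and 51 describe a what-if check of proposed changes against the documented connectivity matrix. The following is an added example, not code from the deck or from AlgoSec, of what that comparison looks like in practice: a proposed allow rule is classified by every zone pair its source and destination objects span, and each pair whose service the matrix does not list is reported as a violation before the rule is pushed. A broad object such as `0.0.0.0/0` therefore fans out into many cells, which is exactly why such rules are caught here. Zone names, subnets, the matrix contents, the change request and the `unzoned` pseudo-zone are assumptions of the example.

```python
import ipaddress

# Zones and their subnets (constructed example values, not the deck's).
ZONES = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "web":   ipaddress.ip_network("10.20.1.0/24"),
    "app":   ipaddress.ip_network("10.20.2.0/24"),
    "db":    ipaddress.ip_network("10.20.3.0/24"),
}

# The documented connectivity matrix: (src_zone, dst_zone) -> allowed services.
# A zone-crossing service absent from the matrix is not legitimate (constructed values).
MATRIX = {
    ("users", "web"): {"tcp/443"},
    ("web", "app"):   {"tcp/8080"},
    ("app", "db"):    {"tcp/5432"},
}

# A proposed change request, as a firewall administrator might submit it (constructed).
CHANGE = [
    {"name": "web-to-app",          "src": "10.20.1.0/24", "dst": "10.20.2.0/24", "service": "tcp/8080", "action": "allow"},
    {"name": "desktop-to-db",       "src": "10.10.0.0/16", "dst": "10.20.3.0/24", "service": "tcp/5432", "action": "allow"},
    {"name": "open-db-to-everyone", "src": "0.0.0.0/0",    "dst": "10.20.3.0/24", "service": "any",      "action": "allow"},
    {"name": "block-legacy",        "src": "10.10.0.0/16", "dst": "10.20.3.0/24", "service": "tcp/5432", "action": "deny"},
]


def matrix_cells(zones):
    """N zones give N*N traffic directions to document (slide 12). The diagonal is intra-zone
    traffic, which the segmentation leaves unrestricted, so it never needs a rule."""
    n = len(zones)
    return n * n


def zones_covered(cidr, zones=ZONES):
    """Every zone a rule's address object touches. Addresses outside every zone are tracked
    under the pseudo-zone 'unzoned' (an assumption of this example) so they cannot slip past the check."""
    net = ipaddress.ip_network(cidr, strict=False)
    hit = {name for name, zone in zones.items() if net.overlaps(zone)}
    return hit or {"unzoned"}


def check_rule(rule, matrix=MATRIX, zones=ZONES):
    """What-if check for one proposed rule.

    Returns the (src_zone, dst_zone, service) triples the rule would open that the
    connectivity matrix does not allow; an empty list means the rule complies with the zoning.
    Deny rules cannot open anything and always pass.
    """
    if rule["action"] != "allow":
        return []
    violations = []
    for s in zones_covered(rule["src"], zones):
        for d in zones_covered(rule["dst"], zones):
            if s == d:
                continue                      # intra-zone: unrestricted by design
            if rule["service"] not in matrix.get((s, d), set()):
                violations.append((s, d, rule["service"]))
    return sorted(violations)


def check_change(rules, matrix=MATRIX, zones=ZONES):
    """Run the check over a whole change request; only rules with violations are reported."""
    report = {}
    for rule in rules:
        found = check_rule(rule, matrix, zones)
        if found:
            report[rule["name"]] = found
    return report


if __name__ == "__main__":
    print(f"{len(ZONES)} zones -> {matrix_cells(ZONES)} traffic directions to document")
    for name, found in check_change(CHANGE).items():
        print(f"{name}: {len(found)} zone-crossing violation(s)")
        for s, d, svc in found:
            print(f"    {s} -> {d} {svc} is not in the connectivity matrix")
```

The check is deliberately independent of the enforcing device: it reasons about address objects and services only, so the same comparison applies to a rule destined for a perimeter firewall and to one destined for the virtualized data center's built-in firewall, which is the single workflow slides 44 and 45 ask for.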
  • 52. MORE RESOURCES
    Meet us at VMworld – booth 658!